← LibraryTechnique entry
CVE-GHOSTCATDiscovery
Ghostcat / AJP File Read (CVE-2020-1938)
Tomcat AJP connector accepts unauthenticated file reads / includes — disclose WEB-INF/web.xml, often credentials.
§ Where this technique fits
CVE-GHOSTCAT is catalogued under the Discovery tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.